LCOV - code coverage report
Current view: top level - builds/gnutls/coverage/gnutls-git/lib - state.c (source / functions) Hit Total Coverage
Test: GnuTLS-3.6.14 Code Coverage Lines: 478 526 90.9 %
Date: 2020-10-30 04:50:48 Functions: 45 48 93.8 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*
       2             :  * Copyright (C) 2002-2016 Free Software Foundation, Inc.
       3             :  * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos
       4             :  * Copyright (C) 2015-2018 Red Hat, Inc.
       5             :  *
       6             :  * Author: Nikos Mavrogiannopoulos
       7             :  *
       8             :  * This file is part of GnuTLS.
       9             :  *
      10             :  * The GnuTLS is free software; you can redistribute it and/or
      11             :  * modify it under the terms of the GNU Lesser General Public License
      12             :  * as published by the Free Software Foundation; either version 2.1 of
      13             :  * the License, or (at your option) any later version.
      14             :  *
      15             :  * This library is distributed in the hope that it will be useful, but
      16             :  * WITHOUT ANY WARRANTY; without even the implied warranty of
      17             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      18             :  * Lesser General Public License for more details.
      19             :  *
      20             :  * You should have received a copy of the GNU Lesser General Public License
      21             :  * along with this program.  If not, see <https://www.gnu.org/licenses/>
      22             :  *
      23             :  */
      24             : 
      25             : /* Functions to manipulate the session (gnutls_int.h), and some other stuff
      26             :  * are included here. The file's name is traditionally gnutls_state even if the
      27             :  * state has been renamed to session.
      28             :  */
      29             : 
      30             : #include "gnutls_int.h"
      31             : #include "errors.h"
      32             : #include <auth.h>
      33             : #include <num.h>
      34             : #include <datum.h>
      35             : #include <db.h>
      36             : #include <record.h>
      37             : #include <handshake.h>
      38             : #include <dh.h>
      39             : #include <buffers.h>
      40             : #include <mbuffers.h>
      41             : #include <state.h>
      42             : #include <constate.h>
      43             : #include <auth/cert.h>
      44             : #include <auth/anon.h>
      45             : #include <auth/psk.h>
      46             : #include <algorithms.h>
      47             : #include <hello_ext.h>
      48             : #include <system.h>
      49             : #include <random.h>
      50             : #include <fips.h>
      51             : #include <intprops.h>
      52             : #include <gnutls/dtls.h>
      53             : #include "dtls.h"
      54             : #include "tls13/session_ticket.h"
      55             : #include "ext/cert_types.h"
      56             : #include "locks.h"
      57             : #include "kx.h"
      58             : #ifdef HAVE_VALGRIND_MEMCHECK_H
      59             : #include <valgrind/memcheck.h>
      60             : #endif
      61             : 
      62             : /* to be used by supplemental data support to disable TLS1.3
      63             :  * when supplemental data have been globally registered */
      64             : unsigned _gnutls_disable_tls13 = 0;
      65             : 
      66             : /* These should really be static, but src/tests.c calls them.  Make
      67             :    them public functions?  */
      68             : void
      69             : _gnutls_rsa_pms_set_version(gnutls_session_t session,
      70             :                             unsigned char major, unsigned char minor);
      71             : 
      72             : /**
      73             :  * gnutls_cipher_get:
      74             :  * @session: is a #gnutls_session_t type.
      75             :  *
      76             :  * Get the currently used cipher.
      77             :  *
      78             :  * Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
      79             :  *   type.
      80             :  **/
      81       20867 : gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session)
      82             : {
      83       20867 :         record_parameters_st *record_params;
      84       20867 :         int ret;
      85             : 
      86       20867 :         ret =
      87       20867 :             _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
      88       20867 :         if (ret < 0)
      89           0 :                 return gnutls_assert_val(GNUTLS_CIPHER_NULL);
      90             : 
      91       20867 :         return record_params->cipher->id;
      92             : }
      93             : 
      94             : /**
      95             :  * gnutls_certificate_type_get:
      96             :  * @session: is a #gnutls_session_t type.
      97             :  *
      98             :  * This function returns the type of the certificate that is negotiated
      99             :  * for this side to send to the peer. The certificate type is by default
     100             :  * X.509, unless an alternative certificate type is enabled by
     101             :  * gnutls_init() and negotiated during the session.
     102             :  *
     103             :  * Resumed sessions will return the certificate type that was negotiated
     104             :  * and used in the original session.
     105             :  *
     106             :  * As of version 3.6.4 it is recommended to use
     107             :  * gnutls_certificate_type_get2() which is more fine-grained.
     108             :  *
     109             :  * Returns: the currently used #gnutls_certificate_type_t certificate
     110             :  *   type as negotiated for 'our' side of the connection.
     111             :  **/
     112             : gnutls_certificate_type_t
     113         696 : gnutls_certificate_type_get(gnutls_session_t session)
     114             : {
     115         696 :         return gnutls_certificate_type_get2(session, GNUTLS_CTYPE_OURS);
     116             : }
     117             : 
     118             : /**
     119             :  * gnutls_certificate_type_get2:
     120             :  * @session: is a #gnutls_session_t type.
     121             :  * @target: is a #gnutls_ctype_target_t type.
     122             :  *
     123             :  * This function returns the type of the certificate that a side
     124             :  * is negotiated to use.  The certificate type is by default X.509,
     125             :  * unless an alternative certificate type is enabled by gnutls_init() and
     126             :  * negotiated during the session.
     127             :  *
     128             :  * The @target parameter specifies whether to request the negotiated
     129             :  * certificate type for the client (%GNUTLS_CTYPE_CLIENT),
     130             :  * or for the server (%GNUTLS_CTYPE_SERVER). Additionally, in P2P mode
     131             :  * connection set up where you don't know in advance who will be client
     132             :  * and who will be server you can use the flag (%GNUTLS_CTYPE_OURS) and
     133             :  * (%GNUTLS_CTYPE_PEERS) to retrieve the corresponding certificate types.
     134             :  *
     135             :  * Resumed sessions will return the certificate type that was negotiated
     136             :  * and used in the original session. That is, this function can be used
     137             :  * to reliably determine the type of the certificate returned by
     138             :  * gnutls_certificate_get_peers().
     139             :  *
     140             :  * Returns: the currently used #gnutls_certificate_type_t certificate
     141             :  *   type for the client or the server.
     142             :  *
     143             :  * Since: 3.6.4
     144             :  **/
     145             : gnutls_certificate_type_t
     146        6929 : gnutls_certificate_type_get2(gnutls_session_t session,
     147             :                              gnutls_ctype_target_t target)
     148             : {
     149             :         /* We want to inline this function so therefore
     150             :          * we've defined it in gnutls_int.h */
     151        6929 :         return get_certificate_type(session, target);
     152             : }
     153             : 
     154             : /**
     155             :  * gnutls_kx_get:
     156             :  * @session: is a #gnutls_session_t type.
     157             :  *
     158             :  * Get the currently used key exchange algorithm.
     159             :  *
     160             :  * This function will return %GNUTLS_KX_ECDHE_RSA, or %GNUTLS_KX_DHE_RSA
     161             :  * under TLS 1.3, to indicate an elliptic curve DH key exchange or
     162             :  * a finite field one. The precise group used is available
     163             :  * by calling gnutls_group_get() instead.
     164             :  *
     165             :  * Returns: the key exchange algorithm used in the last handshake, a
     166             :  *   #gnutls_kx_algorithm_t value.
     167             :  **/
     168       14209 : gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
     169             : {
     170       14209 :         if (session->security_parameters.cs == 0)
     171             :                 return 0;
     172             : 
     173       14209 :         if (session->security_parameters.cs->kx_algorithm == 0) { /* TLS 1.3 */
     174        9890 :                 const version_entry_st *ver = get_version(session);
     175        9890 :                 const gnutls_group_entry_st *group = get_group(session);
     176             : 
     177        9890 :                 if (ver->tls13_sem) {
     178        9890 :                         if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
     179        2589 :                                 if (group) {
     180         883 :                                         if (group->pk == GNUTLS_PK_DH)
     181             :                                                 return GNUTLS_KX_DHE_PSK;
     182             :                                         else
     183         392 :                                                 return GNUTLS_KX_ECDHE_PSK;
     184             :                                 } else {
     185             :                                         return GNUTLS_KX_PSK;
     186             :                                 }
     187        7301 :                         } else if (group) {
     188        7301 :                                 if (group->pk == GNUTLS_PK_DH)
     189             :                                         return GNUTLS_KX_DHE_RSA;
     190             :                                 else
     191        4447 :                                         return GNUTLS_KX_ECDHE_RSA;
     192             :                         }
     193             :                 }
     194             :         }
     195             : 
     196             :         return session->security_parameters.cs->kx_algorithm;
     197             : }
     198             : 
     199             : /**
     200             :  * gnutls_mac_get:
     201             :  * @session: is a #gnutls_session_t type.
     202             :  *
     203             :  * Get the currently used MAC algorithm.
     204             :  *
     205             :  * Returns: the currently used mac algorithm, a
     206             :  *   #gnutls_mac_algorithm_t value.
     207             :  **/
     208       20784 : gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session)
     209             : {
     210       20784 :         record_parameters_st *record_params;
     211       20784 :         int ret;
     212             : 
     213       20784 :         ret =
     214       20784 :             _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
     215       20784 :         if (ret < 0)
     216           0 :                 return gnutls_assert_val(GNUTLS_MAC_NULL);
     217             : 
     218       20784 :         return record_params->mac->id;
     219             : }
     220             : 
     221             : /**
     222             :  * gnutls_compression_get:
     223             :  * @session: is a #gnutls_session_t type.
     224             :  *
     225             :  * Get the currently used compression algorithm.
     226             :  *
     227             :  * Returns: the currently used compression method, a
     228             :  *   #gnutls_compression_method_t value.
     229             :  **/
     230             : gnutls_compression_method_t
     231          39 : gnutls_compression_get(gnutls_session_t session)
     232             : {
     233          39 :         return GNUTLS_COMP_NULL;
     234             : }
     235             : 
     236             : /**
     237             :  * gnutls_prf_hash_get:
     238             :  * @session: is a #gnutls_session_t type.
     239             :  *
     240             :  * Get the currently used hash algorithm. In TLS 1.3, the hash
     241             :  * algorithm is used for both the key derivation function and
     242             :  * handshake message authentication code. In TLS 1.2, it matches the
     243             :  * hash algorithm used for PRF.
     244             :  *
     245             :  * Returns: the currently used hash algorithm, a
     246             :  *    #gnutls_digest_algorithm_t value.
     247             :  *
     248             :  * Since: 3.6.13
     249             :  **/
     250             : gnutls_digest_algorithm_t
     251           2 : gnutls_prf_hash_get(const gnutls_session_t session)
     252             : {
     253           2 :         if (session->security_parameters.prf == NULL)
     254           0 :                 return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
     255             : 
     256           2 :         if (session->security_parameters.prf->id >= GNUTLS_MAC_AEAD)
     257           0 :                 return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
     258             : 
     259             :         return (gnutls_digest_algorithm_t)session->security_parameters.prf->id;
     260             : }
     261             : 
     262       39812 : void reset_binders(gnutls_session_t session)
     263             : {
     264       39812 :         _gnutls_free_temp_key_datum(&session->key.binders[0].psk);
     265       39812 :         _gnutls_free_temp_key_datum(&session->key.binders[1].psk);
     266       39812 :         memset(session->key.binders, 0, sizeof(session->key.binders));
     267       39812 : }
     268             : 
     269             : /* Check whether certificate credentials of type @cert_type are set
     270             :  * for the current session.
     271             :  */
     272         137 : static bool _gnutls_has_cert_credentials(gnutls_session_t session,
     273             :                                                 gnutls_certificate_type_t cert_type)
     274             : {
     275         137 :         unsigned i;
     276         137 :         unsigned cert_found = 0;
     277         137 :         gnutls_certificate_credentials_t cred;
     278             : 
     279             :         /* First, check for certificate credentials. If we have no certificate
     280             :          * credentials set then we don't support certificates at all.
     281             :          */
     282         137 :         cred = (gnutls_certificate_credentials_t)
     283         137 :                         _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
     284             : 
     285         137 :         if (cred == NULL)
     286             :                 return false;
     287             : 
     288             :         /* There are credentials initialized. Now check whether we can find
     289             :          * pre-set certificates of the required type, but only if we don't
     290             :          * use the callback functions.
     291             :          */
     292         137 :         if (cred->get_cert_callback3 == NULL) {
     293         175 :                 for (i = 0; i < cred->ncerts; i++) {
     294          94 :                         if (cred->certs[i].cert_list[0].type == cert_type) {
     295             :                                 cert_found = 1;
     296             :                                 break;
     297             :                         }
     298             :                 }
     299             : 
     300         131 :                 if (cert_found == 0) {
     301             :                         /* No matching certificate found. */
     302          81 :                         return false;
     303             :                 }
     304             :         }
     305             : 
     306             :         return true; // OK
     307             : }
     308             : 
     309             : /* Check if the given certificate type is supported.
     310             :  * This means that it is enabled by the priority functions,
     311             :  * and in some cases a matching certificate exists. A check for
     312             :  * the latter can be toggled via the parameter @check_credentials.
     313             :  */
     314             : int
     315         228 : _gnutls_session_cert_type_supported(gnutls_session_t session,
     316             :                                     gnutls_certificate_type_t cert_type,
     317             :                                     bool check_credentials,
     318             :                                     gnutls_ctype_target_t target)
     319             : {
     320         228 :         unsigned i;
     321         228 :         priority_st* ctype_priorities;
     322             : 
     323             :         // Check whether this cert type is enabled by the application
     324         228 :         if (!is_cert_type_enabled(session, cert_type))
     325           0 :                 return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
     326             : 
     327             :         // Perform a credentials check if requested
     328         228 :         if (check_credentials)  {
     329         137 :                 if (!_gnutls_has_cert_credentials(session, cert_type))
     330          81 :                         return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
     331             :         }
     332             : 
     333             :         /* So far so good. We have the required credentials (if needed).
     334             :          * Now check whether we are allowed to use them according to our
     335             :          * priorities.
     336             :          */
     337             :         // Which certificate type should we query?
     338         147 :         switch (target) {
     339          38 :                 case GNUTLS_CTYPE_CLIENT:
     340          38 :                         ctype_priorities =
     341          38 :                                         &(session->internals.priorities->client_ctype);
     342          38 :                         break;
     343         109 :                 case GNUTLS_CTYPE_SERVER:
     344         109 :                         ctype_priorities =
     345         109 :                                         &(session->internals.priorities->server_ctype);
     346         109 :                         break;
     347             :                 default:
     348           0 :                         return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
     349             :         }
     350             : 
     351             :         // No explicit priorities set, and default ctype is asked
     352         147 :         if (ctype_priorities->num_priorities == 0
     353           0 :             && cert_type == DEFAULT_CERT_TYPE)
     354             :                 return 0;
     355             : 
     356             :         /* Now lets find out whether our cert type is in our priority
     357             :          * list, i.e. set of allowed cert types.
     358             :          */
     359         243 :         for (i = 0; i < ctype_priorities->num_priorities; i++) {
     360         241 :                 if (ctype_priorities->priorities[i] == cert_type)
     361             :                         return 0;
     362             :         }
     363             : 
     364             :         return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
     365             : }
     366             : 
     367       37400 : static void deinit_keys(gnutls_session_t session)
     368             : {
     369       37400 :         const version_entry_st *vers = get_version(session);
     370             : 
     371       37400 :         if (vers == NULL)
     372             :                 return;
     373             : 
     374       37383 :         gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
     375       37383 :         gnutls_pk_params_release(&session->key.kshare.ecdh_params);
     376       37383 :         gnutls_pk_params_release(&session->key.kshare.dh_params);
     377             : 
     378       37383 :         if (!vers->tls13_sem && session->key.binders[0].prf == NULL) {
     379       24842 :                 gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params);
     380       24842 :                 gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
     381       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.x);
     382       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.y);
     383       24842 :                 _gnutls_free_temp_key_datum(&session->key.proto.tls12.ecdh.raw);
     384             : 
     385       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.dh.client_Y);
     386             : 
     387             :                 /* SRP */
     388       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_p);
     389       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_g);
     390       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_key);
     391             : 
     392       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
     393       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.srp.a);
     394       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.srp.x);
     395       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.srp.A);
     396       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.srp.B);
     397       24842 :                 zrelease_temp_mpi_key(&session->key.proto.tls12.srp.b);
     398             :         } else {
     399       12541 :                 gnutls_memset(session->key.proto.tls13.temp_secret, 0,
     400             :                               sizeof(session->key.proto.tls13.temp_secret));
     401             :         }
     402             : 
     403       37383 :         reset_binders(session);
     404       37383 :         _gnutls_free_temp_key_datum(&session->key.key);
     405             : }
     406             : 
     407             : /* An internal version of _gnutls_handshake_internal_state_clear(),
     408             :  * it will not attempt to deallocate, only initialize */
     409       60505 : static void handshake_internal_state_clear1(gnutls_session_t session)
     410             : {
     411             :         /* by default no selected certificate */
     412       60505 :         session->internals.adv_version_major = 0;
     413       60505 :         session->internals.adv_version_minor = 0;
     414       60505 :         session->internals.direction = 0;
     415             : 
     416             :         /* use out of band data for the last
     417             :          * handshake messages received.
     418             :          */
     419       60505 :         session->internals.last_handshake_in = -1;
     420       60505 :         session->internals.last_handshake_out = -1;
     421             : 
     422       60505 :         session->internals.resumable = RESUME_TRUE;
     423             : 
     424       60505 :         session->internals.handshake_suspicious_loops = 0;
     425       60505 :         session->internals.dtls.hsk_read_seq = 0;
     426       60505 :         session->internals.dtls.hsk_write_seq = 0;
     427             : 
     428       60505 :         session->internals.cand_ec_group = 0;
     429       60505 :         session->internals.cand_dh_group = 0;
     430             : 
     431       60505 :         session->internals.hrr_cs[0] = CS_INVALID_MAJOR;
     432       60505 :         session->internals.hrr_cs[1] = CS_INVALID_MINOR;
     433       60505 : }
     434             : 
     435             : /* This function will clear all the variables in internals
     436             :  * structure within the session, which depend on the current handshake.
     437             :  * This is used to allow further handshakes.
     438             :  */
     439       37400 : void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
     440             : {
     441       37400 :         handshake_internal_state_clear1(session);
     442             : 
     443       37400 :         _gnutls_handshake_hash_buffers_clear(session);
     444       37400 :         deinit_keys(session);
     445             : 
     446       37400 :         _gnutls_epoch_gc(session);
     447             : 
     448       37400 :         session->internals.handshake_abs_timeout.tv_sec = 0;
     449       37400 :         session->internals.handshake_abs_timeout.tv_nsec = 0;
     450       37400 :         session->internals.handshake_in_progress = 0;
     451             : 
     452       37400 :         session->internals.tfo.connect_addrlen = 0;
     453       37400 :         session->internals.tfo.connect_only = 0;
     454       37400 :         session->internals.early_data_received = 0;
     455       37400 : }
     456             : 
     457             : /**
     458             :  * gnutls_init:
     459             :  * @session: is a pointer to a #gnutls_session_t type.
     460             :  * @flags: indicate if this session is to be used for server or client.
     461             :  *
     462             :  * This function initializes the provided session. Every
     463             :  * session must be initialized before use, and must be deinitialized
     464             :  * after used by calling gnutls_deinit().
     465             :  *
     466             :  * @flags can be any combination of flags from %gnutls_init_flags_t.
     467             :  *
     468             :  * Note that since version 3.1.2 this function enables some common
     469             :  * TLS extensions such as session tickets and OCSP certificate status
     470             :  * request in client side by default. To prevent that use the %GNUTLS_NO_EXTENSIONS
     471             :  * flag.
     472             :  *
     473             :  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
     474             :  **/
     475       23105 : int gnutls_init(gnutls_session_t * session, unsigned int flags)
     476             : {
     477       23105 :         int ret;
     478             : 
     479       23105 :         FAIL_IF_LIB_ERROR;
     480             : 
     481       23105 :         *session = gnutls_calloc(1, sizeof(struct gnutls_session_int));
     482       23105 :         if (*session == NULL)
     483             :                 return GNUTLS_E_MEMORY_ERROR;
     484             : 
     485       23105 :         ret = gnutls_mutex_init(&(*session)->internals.post_negotiation_lock);
     486       23105 :         if (ret < 0) {
     487           0 :                 gnutls_assert();
     488           0 :                 gnutls_free(*session);
     489           0 :                 return ret;
     490             :         }
     491             : 
     492       23105 :         ret = gnutls_mutex_init(&(*session)->internals.epoch_lock);
     493       23105 :         if (ret < 0) {
     494           0 :                 gnutls_assert();
     495           0 :                 gnutls_mutex_deinit(&(*session)->internals.post_negotiation_lock);
     496           0 :                 gnutls_free(*session);
     497           0 :                 return ret;
     498             :         }
     499             : 
     500       23105 :         ret = _gnutls_epoch_setup_next(*session, 1, NULL);
     501       23105 :         if (ret < 0) {
     502           0 :                 gnutls_mutex_deinit(&(*session)->internals.post_negotiation_lock);
     503           0 :                 gnutls_mutex_deinit(&(*session)->internals.epoch_lock);
     504           0 :                 gnutls_free(*session);
     505           0 :                 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
     506             :         }
     507       23105 :         _gnutls_epoch_bump(*session);
     508             : 
     509       46210 :         (*session)->security_parameters.entity =
     510       23105 :             (flags & GNUTLS_SERVER ? GNUTLS_SERVER : GNUTLS_CLIENT);
     511             : 
     512             :         /* the default certificate type for TLS */
     513       23105 :         (*session)->security_parameters.client_ctype = DEFAULT_CERT_TYPE;
     514       23105 :         (*session)->security_parameters.server_ctype = DEFAULT_CERT_TYPE;
     515             : 
     516             :         /* Initialize buffers */
     517       23105 :         _gnutls_buffer_init(&(*session)->internals.handshake_hash_buffer);
     518       23105 :         _gnutls_buffer_init(&(*session)->internals.post_handshake_hash_buffer);
     519       23105 :         _gnutls_buffer_init(&(*session)->internals.hb_remote_data);
     520       23105 :         _gnutls_buffer_init(&(*session)->internals.hb_local_data);
     521       23105 :         _gnutls_buffer_init(&(*session)->internals.record_presend_buffer);
     522       23105 :         _gnutls_buffer_init(&(*session)->internals.record_key_update_buffer);
     523       23105 :         _gnutls_buffer_init(&(*session)->internals.reauth_buffer);
     524             : 
     525       23105 :         _mbuffer_head_init(&(*session)->internals.record_buffer);
     526       23105 :         _mbuffer_head_init(&(*session)->internals.record_send_buffer);
     527       23105 :         _mbuffer_head_init(&(*session)->internals.record_recv_buffer);
     528       23105 :         _mbuffer_head_init(&(*session)->internals.early_data_recv_buffer);
     529       23105 :         _gnutls_buffer_init(&(*session)->internals.early_data_presend_buffer);
     530             : 
     531       23105 :         _mbuffer_head_init(&(*session)->internals.handshake_send_buffer);
     532       23105 :         _gnutls_handshake_recv_buffer_init(*session);
     533             : 
     534       23105 :         (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME;
     535             : 
     536             :         /* Ticket key rotation - set the default X to 3 times the ticket expire time */
     537       23105 :         (*session)->key.totp.last_result = 0;
     538             : 
     539       23105 :         gnutls_handshake_set_max_packet_length((*session),
     540             :                                                MAX_HANDSHAKE_PACKET_SIZE);
     541             : 
     542             :         /* set the socket pointers to -1;
     543             :          */
     544       23105 :         (*session)->internals.transport_recv_ptr =
     545             :             (gnutls_transport_ptr_t) - 1;
     546       23105 :         (*session)->internals.transport_send_ptr =
     547             :             (gnutls_transport_ptr_t) - 1;
     548             : 
     549             :         /* set the default maximum record size for TLS
     550             :          */
     551       23105 :         (*session)->security_parameters.max_record_recv_size =
     552             :             DEFAULT_MAX_RECORD_SIZE;
     553       23105 :         (*session)->security_parameters.max_record_send_size =
     554             :             DEFAULT_MAX_RECORD_SIZE;
     555       23105 :         (*session)->security_parameters.max_user_record_recv_size =
     556             :             DEFAULT_MAX_RECORD_SIZE;
     557       23105 :         (*session)->security_parameters.max_user_record_send_size =
     558             :             DEFAULT_MAX_RECORD_SIZE;
     559             : 
     560             :         /* set the default early data size for TLS
     561             :          */
     562       23105 :         if ((*session)->security_parameters.entity == GNUTLS_SERVER) {
     563       19517 :                 (*session)->security_parameters.max_early_data_size =
     564             :                         DEFAULT_MAX_EARLY_DATA_SIZE;
     565             :         } else {
     566        3588 :                 (*session)->security_parameters.max_early_data_size =
     567             :                         UINT32_MAX;
     568             :         }
     569             : 
     570             :         /* Everything else not initialized here is initialized as NULL
     571             :          * or 0. This is why calloc is used. However, we want to
     572             :          * ensure that certain portions of data are initialized at
     573             :          * runtime before being used. Mark such regions with a
     574             :          * valgrind client request as undefined.
     575             :          */
     576             : #ifdef HAVE_VALGRIND_MEMCHECK_H
     577             :         if (RUNNING_ON_VALGRIND) {
     578             :                 if (flags & GNUTLS_CLIENT)
     579             :                         VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random,
     580             :                                                     GNUTLS_RANDOM_SIZE);
     581             :                 if (flags & GNUTLS_SERVER) {
     582             :                         VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random,
     583             :                                                     GNUTLS_RANDOM_SIZE);
     584             :                         VALGRIND_MAKE_MEM_UNDEFINED((*session)->key.session_ticket_key,
     585             :                                                     TICKET_MASTER_KEY_SIZE);
     586             :                 }
     587             :         }
     588             : #endif
     589       23105 :         handshake_internal_state_clear1(*session);
     590             : 
     591             : #ifdef HAVE_WRITEV
     592             : #ifdef MSG_NOSIGNAL
     593       23105 :         if (flags & GNUTLS_NO_SIGNAL)
     594           1 :                 gnutls_transport_set_vec_push_function(*session, system_writev_nosignal);
     595             :         else
     596             : #endif
     597       23104 :                 gnutls_transport_set_vec_push_function(*session, system_writev);
     598             : #else
     599             :         gnutls_transport_set_push_function(*session, system_write);
     600             : #endif
     601       23105 :         (*session)->internals.pull_timeout_func = gnutls_system_recv_timeout;
     602       23105 :         (*session)->internals.pull_func = system_read;
     603       23105 :         (*session)->internals.errno_func = system_errno;
     604             : 
     605       23105 :         (*session)->internals.saved_username_size = -1;
     606             : 
     607             :         /* heartbeat timeouts */
     608       23105 :         (*session)->internals.hb_retrans_timeout_ms = 1000;
     609       23105 :         (*session)->internals.hb_total_timeout_ms = 60000;
     610             : 
     611       23105 :         if (flags & GNUTLS_DATAGRAM) {
     612         589 :                 (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
     613         589 :                 (*session)->internals.transport = GNUTLS_DGRAM;
     614             : 
     615         589 :                 gnutls_dtls_set_timeouts(*session, DTLS_RETRANS_TIMEOUT, 60000);
     616             :         } else {
     617       22516 :                 (*session)->internals.transport = GNUTLS_STREAM;
     618             :         }
     619             : 
     620             :         /* Enable useful extensions */
     621       23105 :         if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) {
     622             : #ifdef ENABLE_OCSP
     623        3582 :                 gnutls_ocsp_status_request_enable_client(*session, NULL, 0,
     624             :                                                          NULL);
     625             : #endif
     626             :         }
     627             : 
     628             :         /* session tickets in server side are enabled by setting a key */
     629       23105 :         if (flags & GNUTLS_SERVER)
     630       19517 :                 flags |= GNUTLS_NO_TICKETS;
     631             : 
     632       23105 :         (*session)->internals.flags = flags;
     633             : 
     634       23105 :         if (_gnutls_disable_tls13 != 0)
     635          20 :                 (*session)->internals.flags |= INT_FLAG_NO_TLS13;
     636             : 
     637             :         /* Install the default keylog function */
     638       23105 :         gnutls_session_set_keylog_function(*session, _gnutls_nss_keylog_func);
     639             : 
     640       23105 :         return 0;
     641             : }
     642             : 
     643             : /* returns RESUME_FALSE or RESUME_TRUE.
     644             :  */
     645           0 : int _gnutls_session_is_resumable(gnutls_session_t session)
     646             : {
     647           0 :         return session->internals.resumable;
     648             : }
     649             : 
     650             : 
     651             : /**
     652             :  * gnutls_deinit:
     653             :  * @session: is a #gnutls_session_t type.
     654             :  *
     655             :  * This function clears all buffers associated with the @session.
     656             :  * This function will also remove session data from the session
     657             :  * database if the session was terminated abnormally.
     658             :  **/
     659       23004 : void gnutls_deinit(gnutls_session_t session)
     660             : {
     661       23004 :         unsigned int i;
     662             : 
     663       23004 :         if (session == NULL)
     664             :                 return;
     665             : 
     666             :         /* remove auth info firstly */
     667       23004 :         _gnutls_free_auth_info(session);
     668             : 
     669       23004 :         _gnutls_handshake_internal_state_clear(session);
     670       23004 :         _gnutls_handshake_io_buffer_clear(session);
     671       23004 :         _gnutls_hello_ext_priv_deinit(session);
     672             : 
     673      138024 :         for (i = 0; i < MAX_EPOCH_INDEX; i++)
     674       92016 :                 if (session->record_parameters[i] != NULL) {
     675       31949 :                         _gnutls_epoch_free(session,
     676             :                                            session->record_parameters[i]);
     677       31949 :                         session->record_parameters[i] = NULL;
     678             :                 }
     679             : 
     680       23004 :         _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
     681       23004 :         _gnutls_buffer_clear(&session->internals.post_handshake_hash_buffer);
     682       23004 :         _gnutls_buffer_clear(&session->internals.hb_remote_data);
     683       23004 :         _gnutls_buffer_clear(&session->internals.hb_local_data);
     684       23004 :         _gnutls_buffer_clear(&session->internals.record_presend_buffer);
     685       23004 :         _gnutls_buffer_clear(&session->internals.record_key_update_buffer);
     686       23004 :         _gnutls_buffer_clear(&session->internals.reauth_buffer);
     687             : 
     688       23004 :         _mbuffer_head_clear(&session->internals.record_buffer);
     689       23004 :         _mbuffer_head_clear(&session->internals.record_recv_buffer);
     690       23004 :         _mbuffer_head_clear(&session->internals.record_send_buffer);
     691             : 
     692       23004 :         _mbuffer_head_clear(&session->internals.early_data_recv_buffer);
     693       23004 :         _gnutls_buffer_clear(&session->internals.early_data_presend_buffer);
     694             : 
     695       23004 :         _gnutls_free_datum(&session->internals.resumption_data);
     696       23004 :         _gnutls_free_datum(&session->internals.dtls.dcookie);
     697             : 
     698       23087 :         for (i = 0; i < session->internals.rexts_size; i++)
     699          83 :                 gnutls_free(session->internals.rexts[i].name);
     700       23004 :         gnutls_free(session->internals.rexts);
     701       23004 :         gnutls_free(session->internals.post_handshake_cr_context.data);
     702             : 
     703       23004 :         gnutls_free(session->internals.rsup);
     704             : 
     705       23004 :         gnutls_credentials_clear(session);
     706       23004 :         _gnutls_selected_certs_deinit(session);
     707             : 
     708             :         /* destroy any session ticket we may have received */
     709       23004 :         tls13_ticket_deinit(&session->internals.tls13_ticket);
     710             : 
     711             :         /* we rely on priorities' internal reference counting */
     712       23004 :         gnutls_priority_deinit(session->internals.priorities);
     713             : 
     714             :         /* overwrite any temp TLS1.3 keys */
     715       23004 :         gnutls_memset(&session->key.proto, 0, sizeof(session->key.proto));
     716             : 
     717             :         /* clear session ticket keys */
     718       23004 :         gnutls_memset(&session->key.session_ticket_key, 0,
     719             :                       TICKET_MASTER_KEY_SIZE);
     720       23004 :         gnutls_memset(&session->key.previous_ticket_key, 0,
     721             :                       TICKET_MASTER_KEY_SIZE);
     722       23004 :         gnutls_memset(&session->key.initial_stek, 0,
     723             :                       TICKET_MASTER_KEY_SIZE);
     724             : 
     725       23004 :         gnutls_mutex_deinit(&session->internals.post_negotiation_lock);
     726       23004 :         gnutls_mutex_deinit(&session->internals.epoch_lock);
     727             : 
     728       23004 :         gnutls_free(session);
     729             : }
     730             : 
     731        2223 : int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public)
     732             : {
     733        2223 :         dh_info_st *dh;
     734        2223 :         int ret;
     735             : 
     736        2223 :         switch (gnutls_auth_get_type(session)) {
     737             :         case GNUTLS_CRD_ANON:
     738             :                 {
     739         104 :                         anon_auth_info_t info;
     740         104 :                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
     741         104 :                         if (info == NULL)
     742           0 :                                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     743             : 
     744         104 :                         dh = &info->dh;
     745         104 :                         break;
     746             :                 }
     747             :         case GNUTLS_CRD_PSK:
     748             :                 {
     749         391 :                         psk_auth_info_t info;
     750         391 :                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
     751         391 :                         if (info == NULL)
     752           0 :                                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     753             : 
     754         391 :                         dh = &info->dh;
     755         391 :                         break;
     756             :                 }
     757             :         case GNUTLS_CRD_CERTIFICATE:
     758             :                 {
     759        1385 :                         cert_auth_info_t info;
     760             : 
     761        1385 :                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
     762        1385 :                         if (info == NULL)
     763           0 :                                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     764             : 
     765        1385 :                         dh = &info->dh;
     766        1385 :                         break;
     767             :                 }
     768             :         default:
     769         343 :                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     770             :         }
     771             : 
     772        1880 :         if (dh->public_key.data)
     773           8 :                 _gnutls_free_datum(&dh->public_key);
     774             : 
     775        1880 :         ret = _gnutls_mpi_dprint_lz(public, &dh->public_key);
     776        1880 :         if (ret < 0) {
     777           0 :                 gnutls_assert();
     778           0 :                 return ret;
     779             :         }
     780             : 
     781             :         return 0;
     782             : }
     783             : 
     784        2388 : int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits)
     785             : {
     786        2388 :         switch (gnutls_auth_get_type(session)) {
     787             :         case GNUTLS_CRD_ANON:
     788             :                 {
     789         104 :                         anon_auth_info_t info;
     790         104 :                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
     791         104 :                         if (info == NULL)
     792           0 :                                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     793         104 :                         info->dh.secret_bits = bits;
     794         104 :                         break;
     795             :                 }
     796             :         case GNUTLS_CRD_PSK:
     797             :                 {
     798         464 :                         psk_auth_info_t info;
     799         464 :                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
     800         464 :                         if (info == NULL)
     801           0 :                                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     802         464 :                         info->dh.secret_bits = bits;
     803         464 :                         break;
     804             :                 }
     805             :         case GNUTLS_CRD_CERTIFICATE:
     806             :                 {
     807        1470 :                         cert_auth_info_t info;
     808             : 
     809        1470 :                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
     810        1470 :                         if (info == NULL)
     811           0 :                                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     812             : 
     813        1470 :                         info->dh.secret_bits = bits;
     814        1470 :                         break;
     815             :         default:
     816         350 :                         return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     817             :                 }
     818             :         }
     819             : 
     820             :         return 0;
     821             : }
     822             : 
     823             : /* Sets the prime and the generator in the auth info structure.
     824             :  */
     825             : int
     826        2397 : _gnutls_dh_save_group(gnutls_session_t session, bigint_t gen,
     827             :                      bigint_t prime)
     828             : {
     829        2397 :         dh_info_st *dh;
     830        2397 :         int ret;
     831             : 
     832        2397 :         switch (gnutls_auth_get_type(session)) {
     833             :         case GNUTLS_CRD_ANON:
     834             :                 {
     835         104 :                         anon_auth_info_t info;
     836         104 :                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
     837         104 :                         if (info == NULL)
     838           0 :                                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     839             : 
     840         104 :                         dh = &info->dh;
     841         104 :                         break;
     842             :                 }
     843             :         case GNUTLS_CRD_PSK:
     844             :                 {
     845         469 :                         psk_auth_info_t info;
     846         469 :                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
     847         469 :                         if (info == NULL)
     848           0 :                                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     849             : 
     850         469 :                         dh = &info->dh;
     851         469 :                         break;
     852             :                 }
     853             :         case GNUTLS_CRD_CERTIFICATE:
     854             :                 {
     855        1474 :                         cert_auth_info_t info;
     856             : 
     857        1474 :                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
     858        1474 :                         if (info == NULL)
     859           0 :                                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     860             : 
     861        1474 :                         dh = &info->dh;
     862        1474 :                         break;
     863             :                 }
     864             :         default:
     865         350 :                 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
     866             :         }
     867             : 
     868        2047 :         if (dh->prime.data)
     869           8 :                 _gnutls_free_datum(&dh->prime);
     870             : 
     871        2047 :         if (dh->generator.data)
     872           8 :                 _gnutls_free_datum(&dh->generator);
     873             : 
     874             :         /* prime
     875             :          */
     876        2047 :         ret = _gnutls_mpi_dprint_lz(prime, &dh->prime);
     877        2047 :         if (ret < 0) {
     878           0 :                 gnutls_assert();
     879           0 :                 return ret;
     880             :         }
     881             : 
     882             :         /* generator
     883             :          */
     884        2047 :         ret = _gnutls_mpi_dprint_lz(gen, &dh->generator);
     885        2047 :         if (ret < 0) {
     886           0 :                 gnutls_assert();
     887           0 :                 _gnutls_free_datum(&dh->prime);
     888           0 :                 return ret;
     889             :         }
     890             : 
     891             :         return 0;
     892             : }
     893             : 
     894             : /**
     895             :  * gnutls_certificate_send_x509_rdn_sequence:
     896             :  * @session: a #gnutls_session_t type.
     897             :  * @status: is 0 or 1
     898             :  *
     899             :  * If status is non zero, this function will order gnutls not to send
     900             :  * the rdnSequence in the certificate request message. That is the
     901             :  * server will not advertise its trusted CAs to the peer. If status
     902             :  * is zero then the default behaviour will take effect, which is to
     903             :  * advertise the server's trusted CAs.
     904             :  *
     905             :  * This function has no effect in clients, and in authentication
     906             :  * methods other than certificate with X.509 certificates.
     907             :  **/
     908             : void
     909           0 : gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
     910             :                                           int status)
     911             : {
     912           0 :         session->internals.ignore_rdn_sequence = status;
     913           0 : }
     914             : 
     915             : /*-
     916             :  * _gnutls_record_set_default_version - Used to set the default version for the first record packet
     917             :  * @session: is a #gnutls_session_t type.
     918             :  * @major: is a tls major version
     919             :  * @minor: is a tls minor version
     920             :  *
     921             :  * This function sets the default version that we will use in the first
     922             :  * record packet (client hello). This function is only useful to people
     923             :  * that know TLS internals and want to debug other implementations.
     924             :  -*/
     925             : void
     926           9 : _gnutls_record_set_default_version(gnutls_session_t session,
     927             :                                    unsigned char major,
     928             :                                    unsigned char minor)
     929             : {
     930           9 :         session->internals.default_record_version[0] = major;
     931           9 :         session->internals.default_record_version[1] = minor;
     932           9 : }
     933             : 
     934             : /*-
     935             :  * _gnutls_hello_set_default_version - Used to set the default version for the first record packet
     936             :  * @session: is a #gnutls_session_t type.
     937             :  * @major: is a tls major version
     938             :  * @minor: is a tls minor version
     939             :  *
     940             :  * This function sets the default version that we will use in the first
     941             :  * record packet (client hello). This function is only useful to people
     942             :  * that know TLS internals and want to debug other implementations.
     943             :  -*/
     944             : void
     945          15 : _gnutls_hello_set_default_version(gnutls_session_t session,
     946             :                                    unsigned char major,
     947             :                                    unsigned char minor)
     948             : {
     949          15 :         session->internals.default_hello_version[0] = major;
     950          15 :         session->internals.default_hello_version[1] = minor;
     951          15 : }
     952             : 
     953             : /**
     954             :  * gnutls_handshake_set_private_extensions:
     955             :  * @session: is a #gnutls_session_t type.
     956             :  * @allow: is an integer (0 or 1)
     957             :  *
     958             :  * This function will enable or disable the use of private cipher
     959             :  * suites (the ones that start with 0xFF).  By default or if @allow
     960             :  * is 0 then these cipher suites will not be advertised nor used.
     961             :  *
     962             :  * Currently GnuTLS does not include such cipher-suites or
     963             :  * compression algorithms.
     964             :  *
     965             :  * Enabling the private ciphersuites when talking to other than
     966             :  * gnutls servers and clients may cause interoperability problems.
     967             :  **/
     968             : void
     969       10135 : gnutls_handshake_set_private_extensions(gnutls_session_t session,
     970             :                                         int allow)
     971             : {
     972             :         /* we have no private extensions */
     973       10135 :         return;
     974             : }
     975             : 
     976             : 
     977             : /**
     978             :  * gnutls_session_is_resumed:
     979             :  * @session: is a #gnutls_session_t type.
     980             :  *
     981             :  * Checks whether session is resumed or not. This is functional
     982             :  * for both server and client side.
     983             :  *
     984             :  * Returns: non zero if this session is resumed, or a zero if this is
     985             :  *   a new session.
     986             :  **/
     987        8076 : int gnutls_session_is_resumed(gnutls_session_t session)
     988             : {
     989        8076 :         if (session->security_parameters.entity == GNUTLS_CLIENT) {
     990         695 :                 const version_entry_st *ver = get_version(session);
     991         695 :                 if (ver && ver->tls13_sem &&
     992          78 :                     session->internals.resumed != RESUME_FALSE)
     993             :                         return 1;
     994             : 
     995         644 :                 if (session->security_parameters.session_id_size > 0 &&
     996             :                     session->security_parameters.session_id_size ==
     997         617 :                     session->internals.resumed_security_parameters.
     998             :                     session_id_size
     999         173 :                     && memcmp(session->security_parameters.session_id,
    1000             :                               session->
    1001         173 :                               internals.resumed_security_parameters.
    1002             :                               session_id,
    1003             :                               session->security_parameters.
    1004             :                               session_id_size) == 0)
    1005         115 :                         return 1;
    1006             :         } else {
    1007        7381 :                 if (session->internals.resumed != RESUME_FALSE)
    1008         914 :                         return 1;
    1009             :         }
    1010             : 
    1011             :         return 0;
    1012             : }
    1013             : 
    1014             : /**
    1015             :  * gnutls_session_resumption_requested:
    1016             :  * @session: is a #gnutls_session_t type.
    1017             :  *
    1018             :  * Check whether the client has asked for session resumption.
    1019             :  * This function is valid only on server side.
    1020             :  *
    1021             :  * Returns: non zero if session resumption was asked, or a zero if not.
    1022             :  **/
    1023         812 : int gnutls_session_resumption_requested(gnutls_session_t session)
    1024             : {
    1025         812 :         if (session->security_parameters.entity == GNUTLS_CLIENT) {
    1026             :                 return 0;
    1027             :         } else {
    1028         810 :                 return session->internals.resumption_requested;
    1029             :         }
    1030             : }
    1031             : 
    1032             : /*-
    1033             :  * _gnutls_session_is_psk - Used to check whether this session uses PSK kx
    1034             :  * @session: is a #gnutls_session_t type.
    1035             :  *
    1036             :  * This function will return non zero if this session uses a PSK key
    1037             :  * exchange algorithm.
    1038             :  -*/
    1039     6981150 : int _gnutls_session_is_psk(gnutls_session_t session)
    1040             : {
    1041     6981150 :         gnutls_kx_algorithm_t kx;
    1042             : 
    1043     6981150 :         kx = session->security_parameters.cs->kx_algorithm;
    1044     6981150 :         if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK
    1045     6981150 :             || kx == GNUTLS_KX_RSA_PSK)
    1046         150 :                 return 1;
    1047             : 
    1048             :         return 0;
    1049             : }
    1050             : 
    1051             : /*-
    1052             :  * _gnutls_session_is_ecc - Used to check whether this session uses ECC kx
    1053             :  * @session: is a #gnutls_session_t type.
    1054             :  *
    1055             :  * This function will return non zero if this session uses an elliptic
    1056             :  * curves key exchange exchange algorithm.
    1057             :  -*/
    1058        3275 : int _gnutls_session_is_ecc(gnutls_session_t session)
    1059             : {
    1060        3275 :         gnutls_kx_algorithm_t kx;
    1061             : 
    1062             :         /* We get the key exchange algorithm through the ciphersuite because
    1063             :          * the negotiated key exchange might not have been set yet.
    1064             :          */
    1065        3275 :         kx = session->security_parameters.cs->kx_algorithm;
    1066             : 
    1067        3275 :         return _gnutls_kx_is_ecc(kx);
    1068             : }
    1069             : 
    1070             : /**
    1071             :  * gnutls_session_get_ptr:
    1072             :  * @session: is a #gnutls_session_t type.
    1073             :  *
    1074             :  * Get user pointer for session.  Useful in callbacks.  This is the
    1075             :  *   pointer set with gnutls_session_set_ptr().
    1076             :  *
    1077             :  * Returns: the user given pointer from the session structure, or
    1078             :  *   %NULL if it was never set.
    1079             :  **/
    1080        1338 : void *gnutls_session_get_ptr(gnutls_session_t session)
    1081             : {
    1082        1338 :         return session->internals.user_ptr;
    1083             : }
    1084             : 
    1085             : /**
    1086             :  * gnutls_session_set_ptr:
    1087             :  * @session: is a #gnutls_session_t type.
    1088             :  * @ptr: is the user pointer
    1089             :  *
    1090             :  * This function will set (associate) the user given pointer @ptr to
    1091             :  * the session structure.  This pointer can be accessed with
    1092             :  * gnutls_session_get_ptr().
    1093             :  **/
    1094       10335 : void gnutls_session_set_ptr(gnutls_session_t session, void *ptr)
    1095             : {
    1096       10335 :         session->internals.user_ptr = ptr;
    1097       10335 : }
    1098             : 
    1099             : /**
    1100             :  * gnutls_session_set_verify_function:
    1101             :  * @session: is a #gnutls_session_t type.
    1102             :  * @func: is the callback function
    1103             :  *
    1104             :  * This function sets a callback to be called when peer's certificate
    1105             :  * has been received in order to verify it on receipt rather than
    1106             :  * doing after the handshake is completed. This overrides any callback
    1107             :  * set using gnutls_certificate_set_verify_function().
    1108             :  *
    1109             :  * The callback's function prototype is:
    1110             :  * int (*callback)(gnutls_session_t);
    1111             :  *
    1112             :  * If the callback function is provided then gnutls will call it, in the
    1113             :  * handshake, just after the certificate message has been received.
    1114             :  * To verify or obtain the certificate the gnutls_certificate_verify_peers2(),
    1115             :  * gnutls_certificate_type_get(), gnutls_certificate_get_peers() functions
    1116             :  * can be used.
    1117             :  *
    1118             :  * The callback function should return 0 for the handshake to continue
    1119             :  * or non-zero to terminate.
    1120             :  *
    1121             :  * Since: 3.4.6
    1122             :  **/
    1123             : void
    1124          24 :  gnutls_session_set_verify_function
    1125             :     (gnutls_session_t session,
    1126             :      gnutls_certificate_verify_function * func)
    1127             : {
    1128          24 :         session->internals.verify_callback = func;
    1129          24 : }
    1130             : 
    1131             : /**
    1132             :  * gnutls_record_get_direction:
    1133             :  * @session: is a #gnutls_session_t type.
    1134             :  *
    1135             :  * This function is useful to determine whether a GnuTLS function was interrupted
    1136             :  * while sending or receiving, so that select() or poll() may be called appropriately.
    1137             :  *
    1138             :  * It provides information about the internals of the record
    1139             :  * protocol and is only useful if a prior gnutls function call,
    1140             :  * e.g.  gnutls_handshake(), was interrupted and returned
    1141             :  * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN. After such an interrupt
    1142             :  * applications may call select() or poll() before restoring the
    1143             :  * interrupted GnuTLS function.
    1144             :  *
    1145             :  * This function's output is unreliable if you are using the same
    1146             :  * @session in different threads for sending and receiving.
    1147             :  *
    1148             :  * Returns: 0 if interrupted while trying to read data, or 1 while trying to write data.
    1149             :  **/
    1150         274 : int gnutls_record_get_direction(gnutls_session_t session)
    1151             : {
    1152         274 :         return session->internals.direction;
    1153             : }
    1154             : 
    1155             : /*-
    1156             :  * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
    1157             :  * @session: is a #gnutls_session_t type.
    1158             :  * @major: is the major version to use
    1159             :  * @minor: is the minor version to use
    1160             :  *
    1161             :  * This function will set the given version number to be used at the
    1162             :  * RSA PMS secret. This is only useful to clients, which want to
    1163             :  * test server's capabilities.
    1164             :  -*/
    1165             : void
    1166           5 : _gnutls_rsa_pms_set_version(gnutls_session_t session,
    1167             :                             unsigned char major, unsigned char minor)
    1168             : {
    1169           5 :         session->internals.rsa_pms_version[0] = major;
    1170           5 :         session->internals.rsa_pms_version[1] = minor;
    1171           5 : }
    1172             : 
    1173          31 : void _gnutls_session_client_cert_type_set(gnutls_session_t session,
    1174             :                               gnutls_certificate_type_t ct)
    1175             : {
    1176          31 :         _gnutls_handshake_log
    1177             :             ("HSK[%p]: Selected client certificate type %s (%d)\n", session,
    1178             :              gnutls_certificate_type_get_name(ct), ct);
    1179          31 :         session->security_parameters.client_ctype = ct;
    1180          31 : }
    1181             : 
    1182          72 : void _gnutls_session_server_cert_type_set(gnutls_session_t session,
    1183             :                               gnutls_certificate_type_t ct)
    1184             : {
    1185          72 :         _gnutls_handshake_log
    1186             :             ("HSK[%p]: Selected server certificate type %s (%d)\n", session,
    1187             :              gnutls_certificate_type_get_name(ct), ct);
    1188          72 :         session->security_parameters.server_ctype = ct;
    1189          72 : }
    1190             : 
    1191             : /**
    1192             :  * gnutls_handshake_set_post_client_hello_function:
    1193             :  * @session: is a #gnutls_session_t type.
    1194             :  * @func: is the function to be called
    1195             :  *
    1196             :  * This function will set a callback to be called after the client
    1197             :  * hello has been received (callback valid in server side only). This
    1198             :  * allows the server to adjust settings based on received extensions.
    1199             :  *
    1200             :  * Those settings could be ciphersuites, requesting certificate, or
    1201             :  * anything else except for version negotiation (this is done before
    1202             :  * the hello message is parsed).
    1203             :  *
    1204             :  * This callback must return 0 on success or a gnutls error code to
    1205             :  * terminate the handshake.
    1206             :  *
    1207             :  * Since GnuTLS 3.3.5 the callback is
    1208             :  * allowed to return %GNUTLS_E_AGAIN or %GNUTLS_E_INTERRUPTED to
    1209             :  * put the handshake on hold. In that case gnutls_handshake()
    1210             :  * will return %GNUTLS_E_INTERRUPTED and can be resumed when needed.
    1211             :  *
    1212             :  * Warning: You should not use this function to terminate the
    1213             :  * handshake based on client input unless you know what you are
    1214             :  * doing. Before the handshake is finished there is no way to know if
    1215             :  * there is a man-in-the-middle attack being performed.
    1216             :  **/
    1217             : void
    1218         226 : gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
    1219             :                                                 gnutls_handshake_simple_hook_func func)
    1220             : {
    1221         226 :         session->internals.user_hello_func = func;
    1222         226 : }
    1223             : 
    1224             : 
    1225             : /**
    1226             :  * gnutls_session_enable_compatibility_mode:
    1227             :  * @session: is a #gnutls_session_t type.
    1228             :  *
    1229             :  * This function can be used to disable certain (security) features in
    1230             :  * TLS in order to maintain maximum compatibility with buggy
    1231             :  * clients. Because several trade-offs with security are enabled,
    1232             :  * if required they will be reported through the audit subsystem.
    1233             :  *
    1234             :  * Normally only servers that require maximum compatibility with
    1235             :  * everything out there, need to call this function.
    1236             :  *
    1237             :  * Note that this function must be called after any call to gnutls_priority
    1238             :  * functions.
    1239             :  *
    1240             :  * Since: 2.1.4
    1241             :  **/
    1242           0 : void gnutls_session_enable_compatibility_mode(gnutls_session_t session)
    1243             : {
    1244           0 :         ENABLE_COMPAT(&session->internals);
    1245           0 : }
    1246             : 
    1247             : /**
    1248             :  * gnutls_session_channel_binding:
    1249             :  * @session: is a #gnutls_session_t type.
    1250             :  * @cbtype: an #gnutls_channel_binding_t enumeration type
    1251             :  * @cb: output buffer array with data
    1252             :  *
    1253             :  * Extract given channel binding data of the @cbtype (e.g.,
    1254             :  * %GNUTLS_CB_TLS_UNIQUE) type.
    1255             :  *
    1256             :  * Returns: %GNUTLS_E_SUCCESS on success,
    1257             :  * %GNUTLS_E_UNIMPLEMENTED_FEATURE if the @cbtype is unsupported,
    1258             :  * %GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE if the data is not
    1259             :  * currently available, or an error code.
    1260             :  *
    1261             :  * Since: 2.12.0
    1262             :  **/
    1263             : int
    1264        6046 : gnutls_session_channel_binding(gnutls_session_t session,
    1265             :                                gnutls_channel_binding_t cbtype,
    1266             :                                gnutls_datum_t * cb)
    1267             : {
    1268        6046 :         if (cbtype != GNUTLS_CB_TLS_UNIQUE)
    1269             :                 return GNUTLS_E_UNIMPLEMENTED_FEATURE;
    1270             : 
    1271        6046 :         if (!session->internals.initial_negotiation_completed)
    1272             :                 return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
    1273             : 
    1274        6046 :         cb->size = session->internals.cb_tls_unique_len;
    1275        6046 :         cb->data = gnutls_malloc(cb->size);
    1276        6046 :         if (cb->data == NULL)
    1277             :                 return GNUTLS_E_MEMORY_ERROR;
    1278             : 
    1279        6046 :         memcpy(cb->data, session->internals.cb_tls_unique, cb->size);
    1280             : 
    1281        6046 :         return 0;
    1282             : }
    1283             : 
    1284             : /**
    1285             :  * gnutls_ecc_curve_get:
    1286             :  * @session: is a #gnutls_session_t type.
    1287             :  *
    1288             :  * Returns the currently used elliptic curve for key exchange. Only valid
    1289             :  * when using an elliptic curve ciphersuite.
    1290             :  *
    1291             :  * Returns: the currently used curve, a #gnutls_ecc_curve_t
    1292             :  *   type.
    1293             :  *
    1294             :  * Since: 3.0
    1295             :  **/
    1296        2049 : gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)
    1297             : {
    1298        2049 :         const gnutls_group_entry_st *e;
    1299             : 
    1300        2049 :         e = get_group(session);
    1301        2049 :         if (e == NULL || e->curve == 0)
    1302           5 :                 return 0;
    1303             :         return e->curve;
    1304             : }
    1305             : 
    1306             : /**
    1307             :  * gnutls_group_get:
    1308             :  * @session: is a #gnutls_session_t type.
    1309             :  *
    1310             :  * Returns the currently used group for key exchange. Only valid
    1311             :  * when using an elliptic curve or DH ciphersuite.
    1312             :  *
    1313             :  * Returns: the currently used group, a #gnutls_group_t
    1314             :  *   type.
    1315             :  *
    1316             :  * Since: 3.6.0
    1317             :  **/
    1318        4701 : gnutls_group_t gnutls_group_get(gnutls_session_t session)
    1319             : {
    1320        4701 :         const gnutls_group_entry_st *e;
    1321             : 
    1322        4701 :         e = get_group(session);
    1323        4701 :         if (e == NULL)
    1324             :                 return 0;
    1325        2940 :         return e->id;
    1326             : }
    1327             : 
    1328             : /**
    1329             :  * gnutls_protocol_get_version:
    1330             :  * @session: is a #gnutls_session_t type.
    1331             :  *
    1332             :  * Get TLS version, a #gnutls_protocol_t value.
    1333             :  *
    1334             :  * Returns: The version of the currently used protocol.
    1335             :  **/
    1336        6410 : gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session)
    1337             : {
    1338        6410 :         return get_num_version(session);
    1339             : }
    1340             : 
    1341             : /**
    1342             :  * gnutls_session_get_random:
    1343             :  * @session: is a #gnutls_session_t type.
    1344             :  * @client: the client part of the random
    1345             :  * @server: the server part of the random
    1346             :  *
    1347             :  * This function returns pointers to the client and server
    1348             :  * random fields used in the TLS handshake. The pointers are
    1349             :  * not to be modified or deallocated.
    1350             :  *
    1351             :  * If a client random value has not yet been established, the output
    1352             :  * will be garbage.
    1353             :  *
    1354             :  * Since: 3.0
    1355             :  **/
    1356             : void
    1357          60 : gnutls_session_get_random(gnutls_session_t session,
    1358             :                           gnutls_datum_t * client, gnutls_datum_t * server)
    1359             : {
    1360          60 :         if (client) {
    1361          35 :                 client->data = session->security_parameters.client_random;
    1362          35 :                 client->size =
    1363             :                     sizeof(session->security_parameters.client_random);
    1364             :         }
    1365             : 
    1366          60 :         if (server) {
    1367          31 :                 server->data = session->security_parameters.server_random;
    1368          31 :                 server->size =
    1369             :                     sizeof(session->security_parameters.server_random);
    1370             :         }
    1371          60 : }
    1372             : 
    1373             : /**
    1374             :  * gnutls_session_get_master_secret:
    1375             :  * @session: is a #gnutls_session_t type.
    1376             :  * @secret: the session's master secret
    1377             :  *
    1378             :  * This function returns pointers to the master secret
    1379             :  * used in the TLS session. The pointers are not to be modified or deallocated.
    1380             :  *
    1381             :  * This function is only applicable under TLS 1.2 or earlier versions.
    1382             :  *
    1383             :  * Since: 3.5.0
    1384             :  **/
    1385             : void
    1386           6 : gnutls_session_get_master_secret(gnutls_session_t session, gnutls_datum_t *secret)
    1387             : {
    1388           6 :         secret->data = session->security_parameters.master_secret;
    1389           6 :         secret->size = sizeof(session->security_parameters.master_secret);
    1390           6 : }
    1391             : 
    1392    22435000 : unsigned int timespec_sub_ms(struct timespec *a, struct timespec *b)
    1393             : {
    1394    22435000 :         time_t dsecs;
    1395             : 
    1396    22435000 :         dsecs = a->tv_sec - b->tv_sec;
    1397    22435000 :         if (!INT_MULTIPLY_OVERFLOW(dsecs, 1000)) {
    1398    22435000 :                 return (dsecs*1000 + (a->tv_nsec - b->tv_nsec) / (1000 * 1000));
    1399             :         } else {
    1400             :                 return UINT_MAX;
    1401             :         }
    1402             : }
    1403             : 
    1404             : /**
    1405             :  * gnutls_handshake_set_random:
    1406             :  * @session: is a #gnutls_session_t type.
    1407             :  * @random: a random value of 32-bytes
    1408             :  *
    1409             :  * This function will explicitly set the server or client hello 
    1410             :  * random value in the subsequent TLS handshake. The random value 
    1411             :  * should be a 32-byte value.
    1412             :  *
    1413             :  * Note that this function should not normally be used as gnutls
    1414             :  * will select automatically a random value for the handshake.
    1415             :  *
    1416             :  * This function should not be used when resuming a session.
    1417             :  *
    1418             :  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
    1419             :  *
    1420             :  * Since 3.1.9
    1421             :  **/
    1422             : int
    1423          15 : gnutls_handshake_set_random(gnutls_session_t session,
    1424             :                             const gnutls_datum_t * random)
    1425             : {
    1426          15 :         if (random->size != GNUTLS_RANDOM_SIZE)
    1427             :                 return GNUTLS_E_INVALID_REQUEST;
    1428             : 
    1429          15 :         session->internals.sc_random_set = 1;
    1430          15 :         if (session->security_parameters.entity == GNUTLS_CLIENT)
    1431           8 :                 memcpy(session->internals.resumed_security_parameters.
    1432           8 :                        client_random, random->data, random->size);
    1433             :         else
    1434           7 :                 memcpy(session->internals.resumed_security_parameters.
    1435           7 :                        server_random, random->data, random->size);
    1436             : 
    1437             :         return 0;
    1438             : }
    1439             : 
    1440             : /**
    1441             :  * gnutls_handshake_set_hook_function:
    1442             :  * @session: is a #gnutls_session_t type
    1443             :  * @htype: the %gnutls_handshake_description_t of the message to hook at
    1444             :  * @when: %GNUTLS_HOOK_* depending on when the hook function should be called
    1445             :  * @func: is the function to be called
    1446             :  *
    1447             :  * This function will set a callback to be called after or before the specified
    1448             :  * handshake message has been received or generated. This is a
    1449             :  * generalization of gnutls_handshake_set_post_client_hello_function().
    1450             :  *
    1451             :  * To call the hook function prior to the message being generated or processed
    1452             :  * use %GNUTLS_HOOK_PRE as @when parameter, %GNUTLS_HOOK_POST to call
    1453             :  * after, and %GNUTLS_HOOK_BOTH for both cases.
    1454             :  *
    1455             :  * This callback must return 0 on success or a gnutls error code to
    1456             :  * terminate the handshake.
    1457             :  *
    1458             :  * To hook at all handshake messages use an @htype of %GNUTLS_HANDSHAKE_ANY.
    1459             :  *
    1460             :  * Warning: You should not use this function to terminate the
    1461             :  * handshake based on client input unless you know what you are
    1462             :  * doing. Before the handshake is finished there is no way to know if
    1463             :  * there is a man-in-the-middle attack being performed.
    1464             :  **/
    1465             : void
    1466         219 : gnutls_handshake_set_hook_function(gnutls_session_t session,
    1467             :                                    unsigned int htype,
    1468             :                                    int when,
    1469             :                                    gnutls_handshake_hook_func func)
    1470             : {
    1471         219 :         session->internals.h_hook = func;
    1472         219 :         session->internals.h_type = htype;
    1473         219 :         session->internals.h_post = when;
    1474         219 : }
    1475             : 
    1476             : /**
    1477             :  * gnutls_record_get_state:
    1478             :  * @session: is a #gnutls_session_t type
    1479             :  * @read: if non-zero the read parameters are returned, otherwise the write
    1480             :  * @mac_key: the key used for MAC (if a MAC is used)
    1481             :  * @IV: the initialization vector or nonce used
    1482             :  * @cipher_key: the cipher key
    1483             :  * @seq_number: A 64-bit sequence number
    1484             :  *
    1485             :  * This function will return the parameters of the current record state.
    1486             :  * These are only useful to be provided to an external off-loading device
    1487             :  * or subsystem. The returned values should be considered constant
    1488             :  * and valid for the lifetime of the session.
    1489             :  *
    1490             :  * In that case, to sync the state back you must call gnutls_record_set_state().
    1491             :  *
    1492             :  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
    1493             :  *
    1494             :  * Since 3.4.0
    1495             :  **/
    1496             : int
    1497          17 : gnutls_record_get_state(gnutls_session_t session,
    1498             :                         unsigned read,
    1499             :                         gnutls_datum_t *mac_key,
    1500             :                         gnutls_datum_t *IV,
    1501             :                         gnutls_datum_t *cipher_key,
    1502             :                         unsigned char seq_number[8])
    1503             : {
    1504          17 :         record_parameters_st *record_params;
    1505          17 :         record_state_st *record_state;
    1506          17 :         unsigned int epoch;
    1507          17 :         int ret;
    1508             : 
    1509          17 :         if (read)
    1510             :                 epoch = EPOCH_READ_CURRENT;
    1511             :         else
    1512           9 :                 epoch = EPOCH_WRITE_CURRENT;
    1513             : 
    1514          17 :         ret = _gnutls_epoch_get(session, epoch, &record_params);
    1515          17 :         if (ret < 0)
    1516           0 :                 return gnutls_assert_val(ret);
    1517             : 
    1518          17 :         if (!record_params->initialized)
    1519           0 :                 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
    1520             : 
    1521          17 :         if (read)
    1522           8 :                 record_state = &record_params->read;
    1523             :         else
    1524           9 :                 record_state = &record_params->write;
    1525             : 
    1526          17 :         if (mac_key) {
    1527           4 :                 mac_key->data = record_state->mac_key;
    1528           4 :                 mac_key->size = record_state->mac_key_size;
    1529             :         }
    1530             : 
    1531          17 :         if (IV) {
    1532           4 :                 IV->data = record_state->iv;
    1533           4 :                 IV->size = record_state->iv_size;
    1534             :         }
    1535             : 
    1536          17 :         if (cipher_key) {
    1537           4 :                 cipher_key->data = record_state->key;
    1538           4 :                 cipher_key->size = record_state->key_size;
    1539             :         }
    1540             : 
    1541          17 :         if (seq_number)
    1542          17 :                 _gnutls_write_uint64(record_state->sequence_number, seq_number);
    1543             :         return 0;
    1544             : }
    1545             : 
    1546             : /**
    1547             :  * gnutls_record_set_state:
    1548             :  * @session: is a #gnutls_session_t type
    1549             :  * @read: if non-zero the read parameters are returned, otherwise the write
    1550             :  * @seq_number: A 64-bit sequence number
    1551             :  *
    1552             :  * This function will set the sequence number in the current record state.
    1553             :  * This function is useful if sending and receiving are offloaded from
    1554             :  * gnutls. That is, if gnutls_record_get_state() was used.
    1555             :  *
    1556             :  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
    1557             :  *
    1558             :  * Since 3.4.0
    1559             :  **/
    1560             : int
    1561           9 : gnutls_record_set_state(gnutls_session_t session,
    1562             :                         unsigned read,
    1563             :                         const unsigned char seq_number[8])
    1564             : {
    1565           9 :         record_parameters_st *record_params;
    1566           9 :         record_state_st *record_state;
    1567           9 :         int epoch, ret;
    1568             : 
    1569           9 :         if (read)
    1570             :                 epoch = EPOCH_READ_CURRENT;
    1571             :         else
    1572           5 :                 epoch = EPOCH_WRITE_CURRENT;
    1573             : 
    1574           9 :         ret = _gnutls_epoch_get(session, epoch, &record_params);
    1575           9 :         if (ret < 0)
    1576           0 :                 return gnutls_assert_val(ret);
    1577             : 
    1578           9 :         if (!record_params->initialized)
    1579           0 :                 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
    1580             : 
    1581           9 :         if (read)
    1582           4 :                 record_state = &record_params->read;
    1583             :         else
    1584           5 :                 record_state = &record_params->write;
    1585             : 
    1586           9 :         record_state->sequence_number = _gnutls_read_uint64(seq_number);
    1587             : 
    1588           9 :         if (IS_DTLS(session)) {
    1589           4 :                 _dtls_reset_window(record_params);
    1590             :         }
    1591             : 
    1592             :         return 0;
    1593             : }
    1594             : 
    1595             : /**
    1596             :  * gnutls_session_get_flags:
    1597             :  * @session: is a #gnutls_session_t type.
    1598             :  *
    1599             :  * This function will return a series (ORed) of flags, applicable
    1600             :  * for the current session.
    1601             :  *
    1602             :  * This replaces individual informational functions such as
    1603             :  * gnutls_safe_renegotiation_status(), gnutls_session_ext_master_secret_status(),
    1604             :  * etc.
    1605             :  *
    1606             :  * Returns: An ORed sequence of flags (see %gnutls_session_flags_t)
    1607             :  *
    1608             :  * Since: 3.5.0
    1609             :  **/
    1610         293 : unsigned gnutls_session_get_flags(gnutls_session_t session)
    1611             : {
    1612         293 :         unsigned flags = 0;
    1613             : 
    1614         293 :         if (gnutls_safe_renegotiation_status(session))
    1615         245 :                 flags |= GNUTLS_SFLAGS_SAFE_RENEGOTIATION;
    1616         293 :         if (gnutls_session_ext_master_secret_status(session))
    1617         247 :                 flags |= GNUTLS_SFLAGS_EXT_MASTER_SECRET;
    1618         293 :         if (gnutls_session_etm_status(session))
    1619          31 :                 flags |= GNUTLS_SFLAGS_ETM;
    1620         293 :         if (gnutls_heartbeat_allowed(session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND))
    1621           0 :                 flags |= GNUTLS_SFLAGS_HB_LOCAL_SEND;
    1622         293 :         if (gnutls_heartbeat_allowed(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND))
    1623           0 :                 flags |= GNUTLS_SFLAGS_HB_PEER_SEND;
    1624         293 :         if (session->internals.hsk_flags & HSK_FALSE_START_USED)
    1625          64 :                 flags |= GNUTLS_SFLAGS_FALSE_START;
    1626         293 :         if ((session->internals.hsk_flags & HSK_EARLY_START_USED) &&
    1627          23 :             (session->internals.flags & GNUTLS_ENABLE_EARLY_START))
    1628          10 :                 flags |= GNUTLS_SFLAGS_EARLY_START;
    1629         293 :         if (session->internals.hsk_flags & HSK_USED_FFDHE)
    1630          78 :                 flags |= GNUTLS_SFLAGS_RFC7919;
    1631         293 :         if (session->internals.hsk_flags & HSK_TICKET_RECEIVED)
    1632          18 :                 flags |= GNUTLS_SFLAGS_SESSION_TICKET;
    1633         293 :         if (session->security_parameters.post_handshake_auth)
    1634          11 :                 flags |= GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH;
    1635         293 :         if (session->internals.hsk_flags & HSK_EARLY_DATA_ACCEPTED)
    1636           3 :                 flags |= GNUTLS_SFLAGS_EARLY_DATA;
    1637         293 :         if (session->internals.hsk_flags & HSK_OCSP_REQUESTED)
    1638         260 :                 flags |= GNUTLS_SFLAGS_CLI_REQUESTED_OCSP;
    1639         293 :         if (session->internals.hsk_flags & HSK_CLIENT_OCSP_REQUESTED)
    1640          22 :                 flags |= GNUTLS_SFLAGS_SERV_REQUESTED_OCSP;
    1641             : 
    1642         293 :         return flags;
    1643             : }

Generated by: LCOV version 1.14